Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6400

Improve CT roboustness

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Issue discovered during:
      Another issue

      Description

      CT submissions can fail if there's a high number of parallel ongoing connections to CT logs. When running CTLogTest on my laptop this happens when there are more than 20-25 threads in the testManyTestsMultiThreaded test.

      I have observed three different failure modes:

      • SCTs are silently "lost", which cause minimum requirements to not be satisfied, and certificate issuance to fail.
      • The "connection pool" of the HttpClient runs out, causing a timeout. I think I've fixed this in ECA-6351. There's still a limit of 100 concurrent connections, though.
      • "Broken pipe" errors. According to Stack Overflow [1] this can happen when "the other end has already closed [the connection]", i.e. a problem in CTLogTestServer in our case. So this is likely a problem with the test code.
      • "Read timed out" (I've only seen this since we fixed error loggning) from the test case. Possibly the same issue as the first point, just a different symptom (error message is now included in the exception).

      It's not clear if the problems are caused by a bug or by the shortcomings of the current "spawn-an-new-thread-per-request" thread model. The solution might be to implement a event-based (should handle the highest concurrency) or worker-thread model.

      [1] https://stackoverflow.com/questions/2309561/how-to-fix-java-net-socketexception-broken-pipe

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              samuel Samuel Lidén Borell
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 week
                  1w
                  Remaining:
                  Remaining Estimate - 1 week
                  1w
                  Logged:
                  Time Spent - Not Specified
                  Not Specified